Researchers at Cybereason Nocturnus have identified an advanced, persistent attack targeting global telecommunications providers, carried out by a threat actor using tools and techniques commonly associated with the Chinese-affiliated threat actor APT10. This multi-wave attack is reported to have sought to steal communications data of specific individuals in various countries. In their report released today, Cybereason researchers say:

— "The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more."

— Understanding the motive: "When you think of large breaches to big organizations, the first thing that comes to mind is usually payment data. ... These attacks are usually conducted by a cybercrime group looking to make money. In contrast, when a nation-state threat actor is attacking a big organization, the end goal is typically not financial, but rather intellectual property or sensitive information about their clients. ... obtaining access to this data gives them intimate knowledge of any individuals they wish to target on that network."
